Quantstamp has audited the smart contract of the SushiSwap decentralized exchange, which is a fork of the popular Uniswap platform. Specialists discovered 10 vulnerabilities in the protocol.
None of the vulnerabilities the auditor found are critical: two were classified as medium severity, three as low severity, and the remaining five pose no immediate danger but are code flaws.
One of the vulnerabilities was the ability to add the same liquidity provider twice, which can lead to errors in rewards. The auditor also found a vulnerability that allows funds to be stolen from the platform if the owner’s private key is compromised. Another vulnerability can cause the protocol’s “massUpdatePools” function to run out of gas.
Earlier, Cinneamhain Ventures partner Adam Cochran warned the public that the developer of SushiSwap, known under the pseudonym “Chef Nomi”, holds $27 million in unlocked SUSHI tokens and could use them to manipulate prices on the site. The developer, however, said that this is just his share of the tokens and that it has existed from the very beginning.
Despite the initial absence of an audit, assets worth $700 million were locked on the SushiSwap exchange in just the first three days of its existence, and that figure has since exceeded $1 billion. The price of the project’s own token has grown 6 times in recent days.